> From: Paul Wouters <[email protected]> > >> http://people.redhat.com/pwouters/mozilla-extval-0.7.xpi > > > > I see no queries for TLSA records for nohats.ca, fedoraproject.org, > > or dane.rd.nic.fr from Firefox after installing the xpi file on > > FreeBSD 9.0, Windows 7, Centos 2.6.32, or Ubuntu 11.10. > > I'll remake and re-release a 0.8 to ensure the version is the latest > one and will get back to the list.
The previous announcement I saw said something about "Linux", but didn't specify the flavor. Which brand and version of Linux will be needed for the future xpi file? If any non-standard libraries are needed, what are their full names and versions and where should they be sought? > > is saying SERVFAIL about nohats.ca unless I set the CD bit. > > Yes, once again opendnssec and nsd interacted badly, and nsd's pid bug > caused nsdc to not be able to reload nsd, which caused expired RRSIGs > until I manually killed nsd and restarted it. Nohats.ca now looks much better from here. I assume it's irrelevant that one of the NS servers for nohats.ca, alpha.bebout.net still refuses to answer requests about nohats.ca. > > I hope I misunderstand, because that sounds to me like the error that > > was in the Chrome support for its notion of a predecessor to TLSA. > You misunderstand. Purple means "DNSSEC validated the hostname AND there > was a TLSA record, which was also DNSSEC validated and matched the > found TLS certificate". Ok, my mistake. > I do not know how browsers will treat the CA industry and EV certs in > the future. My opinion will not carry any weight there. I trust browser vendors will follow the clear language in RFC 6698. Vernon Schryver [email protected] _______________________________________________ dns-operations mailing list [email protected] https://lists.dns-oarc.net/mailman/listinfo/dns-operations dns-jobs mailing list https://lists.dns-oarc.net/mailman/listinfo/dns-jobs
